draft-ietf-cose-countersign-03.txt   draft-ietf-cose-countersign-04.txt 
COSE Working Group J. Schaad COSE Working Group J. Schaad
Internet-Draft August Cellars Internet-Draft August Cellars
Updates: 8152 (if approved) R. Housley, Ed. Updates: 8152 (if approved) R. Housley, Ed.
Intended status: Standards Track Vigil Security Intended status: Standards Track Vigil Security
Expires: 16 October 2021 14 April 2021 Expires: 20 November 2021 19 May 2021
CBOR Object Signing and Encryption (COSE): Countersignatures CBOR Object Signing and Encryption (COSE): Countersignatures
draft-ietf-cose-countersign-03 draft-ietf-cose-countersign-04
Abstract Abstract
Concise Binary Object Representation (CBOR) is a data format designed Concise Binary Object Representation (CBOR) is a data format designed
for small code size and small message size. CBOR Object Signing and for small code size and small message size. CBOR Object Signing and
Encryption (COSE) defines a set of security services for CBOR. This Encryption (COSE) defines a set of security services for CBOR. This
document defines a countersignature algorithm along with the needed document defines a countersignature algorithm along with the needed
header parameters and CBOR tags for COSE. header parameters and CBOR tags for COSE.
Contributing to this document Contributing to this document
skipping to change at page 1, line 45 skipping to change at page 1, line 45
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at https://datatracker.ietf.org/drafts/current/. Drafts is at https://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on 16 October 2021. This Internet-Draft will expire on 20 November 2021.
Copyright Notice Copyright Notice
Copyright (c) 2021 IETF Trust and the persons identified as the Copyright (c) 2021 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents (https://trustee.ietf.org/ Provisions Relating to IETF Documents (https://trustee.ietf.org/
license-info) in effect on the date of publication of this document. license-info) in effect on the date of publication of this document.
Please review these documents carefully, as they describe your rights Please review these documents carefully, as they describe your rights
skipping to change at page 2, line 36 skipping to change at page 2, line 36
3. Version 2 Countersignatures . . . . . . . . . . . . . . . . . 6 3. Version 2 Countersignatures . . . . . . . . . . . . . . . . . 6
3.1. Full Countersignatures . . . . . . . . . . . . . . . . . 7 3.1. Full Countersignatures . . . . . . . . . . . . . . . . . 7
3.2. Abbreviated Countersignatures . . . . . . . . . . . . . . 8 3.2. Abbreviated Countersignatures . . . . . . . . . . . . . . 8
3.3. Signing and Verification Process . . . . . . . . . . . . 8 3.3. Signing and Verification Process . . . . . . . . . . . . 8
4. CBOR Encoding Restrictions . . . . . . . . . . . . . . . . . 10 4. CBOR Encoding Restrictions . . . . . . . . . . . . . . . . . 10
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10
5.1. CBOR Tag Assignment . . . . . . . . . . . . . . . . . . . 10 5.1. CBOR Tag Assignment . . . . . . . . . . . . . . . . . . . 10
5.2. COSE Header Parameters Registry . . . . . . . . . . . . . 11 5.2. COSE Header Parameters Registry . . . . . . . . . . . . . 11
6. Security Considerations . . . . . . . . . . . . . . . . . . . 11 6. Security Considerations . . . . . . . . . . . . . . . . . . . 11
7. Implementation Status . . . . . . . . . . . . . . . . . . . . 13 7. Implementation Status . . . . . . . . . . . . . . . . . . . . 13
7.1. Author's Versions . . . . . . . . . . . . . . . . . . . . 13 7.1. Author's Versions . . . . . . . . . . . . . . . . . . . . 14
7.2. COSE Testing Library . . . . . . . . . . . . . . . . . . 14 7.2. COSE Testing Library . . . . . . . . . . . . . . . . . . 14
8. References . . . . . . . . . . . . . . . . . . . . . . . . . 14 8. References . . . . . . . . . . . . . . . . . . . . . . . . . 15
8.1. Normative References . . . . . . . . . . . . . . . . . . 14 8.1. Normative References . . . . . . . . . . . . . . . . . . 15
8.2. Informative References . . . . . . . . . . . . . . . . . 15 8.2. Informative References . . . . . . . . . . . . . . . . . 15
Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 16 Appendix A. Examples . . . . . . . . . . . . . . . . . . . . . . 17
A.1. Use of Early Code Points . . . . . . . . . . . . . . . . 17 A.1. Use of Early Code Points . . . . . . . . . . . . . . . . 17
A.2. Examples of Signed Messages . . . . . . . . . . . . . . . 17 A.2. Examples of Signed Messages . . . . . . . . . . . . . . . 17
A.2.1. Countersignature . . . . . . . . . . . . . . . . . . 17 A.2.1. Countersignature . . . . . . . . . . . . . . . . . . 17
A.3. Examples of Signed1 Messages . . . . . . . . . . . . . . 18 A.3. Examples of Signed1 Messages . . . . . . . . . . . . . . 18
A.3.1. Countersignature . . . . . . . . . . . . . . . . . . 18 A.3.1. Countersignature . . . . . . . . . . . . . . . . . . 18
A.4. Examples of Enveloped Messages . . . . . . . . . . . . . 19 A.4. Examples of Enveloped Messages . . . . . . . . . . . . . 19
A.4.1. Countersignature on Encrypted Content . . . . . . . . 19 A.4.1. Countersignature on Encrypted Content . . . . . . . . 19
A.5. Examples of Encrypted Messages . . . . . . . . . . . . . 20 A.5. Examples of Encrypted Messages . . . . . . . . . . . . . 20
A.5.1. Countersignature on Encrypted Content . . . . . . . . 21 A.5.1. Countersignature on Encrypted Content . . . . . . . . 21
A.6. Examples of MACed Messages . . . . . . . . . . . . . . . 21 A.6. Examples of MACed Messages . . . . . . . . . . . . . . . 21
skipping to change at page 13, line 19 skipping to change at page 13, line 19
Analysis of the size of encrypted messages can provide information Analysis of the size of encrypted messages can provide information
about the plaintext messages. This specification does not provide a about the plaintext messages. This specification does not provide a
uniform method for padding messages prior to encryption. An observer uniform method for padding messages prior to encryption. An observer
can distinguish between two different messages (for example, 'YES' can distinguish between two different messages (for example, 'YES'
and 'NO') based on the length for all of the content encryption and 'NO') based on the length for all of the content encryption
algorithms that are defined in [I-D.ietf-cose-rfc8152bis-algs]. This algorithms that are defined in [I-D.ietf-cose-rfc8152bis-algs]. This
means that it is up to the applications to specify how content means that it is up to the applications to specify how content
padding is to be done to prevent or discourage such analysis. (For padding is to be done to prevent or discourage such analysis. (For
example, the text strings could be defined as 'YES' and 'NO '.) example, the text strings could be defined as 'YES' and 'NO '.)
When either COSE_Encrypt and COSE_Mac is used and more than two
parties share the key, data origin authentication is not provided.
Any party that knows the message-authentication key can compute a
valid authentication tag; therefore, the contents could originate
from any one of the parties that share the key.
Countersignatures of COSE_Encrypt and COSE_Mac with short
authentication tags do not provide the security properties associated
with the same algorithm used in COSE_Sign. To provide 128-bit
security against collision attacks, the tag length MUST be at least
256-bits. A countersignature of a COSE_Mac with AES-MAC 256/128
provides at most 64 bits of integrity protection. Similarly, a
countersignature of a COSE_Encrypt with AES-CCM-16-64-128 provides at
most 32 bits bits of integrity protection.
7. Implementation Status 7. Implementation Status
This section is to be removed before publishing as an RFC. This section is to be removed before publishing as an RFC.
This section records the status of known implementations of the This section records the status of known implementations of the
protocol defined by this specification at the time of posting of this protocol defined by this specification at the time of posting of this
Internet-Draft, and is based on a proposal described in [RFC7942]. Internet-Draft, and is based on a proposal described in [RFC7942].
The description of implementations in this section is intended to The description of implementations in this section is intended to
assist the IETF in its decision processes in progressing drafts to assist the IETF in its decision processes in progressing drafts to
RFCs. Please note that the listing of any individual implementation RFCs. Please note that the listing of any individual implementation
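Review bot: The uppercase MUST in the added short-tag paragraph ("the tag length MUST be at least 256-bits") is conditioned on a goal ("To provide 128-bit security") and sits in Security Considerations, so it is unclear whether it is a normative requirement on implementations or an observation about the bound. Neither example that follows meets it (AES-MAC 256/128 has a 128-bit tag, AES-CCM-16-64-128 a 64-bit tag). Suggest either rewording it as a plain statement of the bound, or saying what an application is expected to do when the countersigned structure carries a shorter tag. Stating the reasoning once would also help: the 64-bit and 32-bit figures imply that protection is limited to half the tag length, but the text never says so. Editorial points in the same added text: "When either COSE_Encrypt and COSE_Mac is used" should read "either COSE_Encrypt or COSE_Mac", "256-bits" should be "256 bits", and "32 bits bits" repeats a word.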
skipping to change at page 16, line 9 skipping to change at page 16, line 32
<https://www.rfc-editor.org/info/rfc7942>. <https://www.rfc-editor.org/info/rfc7942>.
[RFC4998] Gondrom, T., Brandner, R., and U. Pordesch, "Evidence [RFC4998] Gondrom, T., Brandner, R., and U. Pordesch, "Evidence
Record Syntax (ERS)", RFC 4998, DOI 10.17487/RFC4998, Record Syntax (ERS)", RFC 4998, DOI 10.17487/RFC4998,
August 2007, <https://www.rfc-editor.org/info/rfc4998>. August 2007, <https://www.rfc-editor.org/info/rfc4998>.
[I-D.ietf-core-groupcomm-bis] [I-D.ietf-core-groupcomm-bis]
Dijk, E., Wang, C., and M. Tiloca, "Group Communication Dijk, E., Wang, C., and M. Tiloca, "Group Communication
for the Constrained Application Protocol (CoAP)", Work in for the Constrained Application Protocol (CoAP)", Work in
Progress, Internet-Draft, draft-ietf-core-groupcomm-bis- Progress, Internet-Draft, draft-ietf-core-groupcomm-bis-
02, 2 November 2020, <https://tools.ietf.org/html/draft- 03, 22 February 2021, <https://tools.ietf.org/html/draft-
ietf-core-groupcomm-bis-02>. ietf-core-groupcomm-bis-03>.
[I-D.ietf-cose-rfc8152bis-struct] [I-D.ietf-cose-rfc8152bis-struct]
Schaad, J., "CBOR Object Signing and Encryption (COSE): Schaad, J., "CBOR Object Signing and Encryption (COSE):
Structures and Process", Work in Progress, Internet-Draft, Structures and Process", Work in Progress, Internet-Draft,
draft-ietf-cose-rfc8152bis-struct-14, 24 September 2020, draft-ietf-cose-rfc8152bis-struct-15, 1 February 2021,
<https://tools.ietf.org/html/draft-ietf-cose-rfc8152bis- <https://tools.ietf.org/html/draft-ietf-cose-rfc8152bis-
struct-14>. struct-15>.
[RFC8613] Selander, G., Mattsson, J., Palombini, F., and L. Seitz, [RFC8613] Selander, G., Mattsson, J., Palombini, F., and L. Seitz,
"Object Security for Constrained RESTful Environments "Object Security for Constrained RESTful Environments
(OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019, (OSCORE)", RFC 8613, DOI 10.17487/RFC8613, July 2019,
<https://www.rfc-editor.org/info/rfc8613>. <https://www.rfc-editor.org/info/rfc8613>.
Appendix A. Examples Appendix A. Examples
This appendix includes a set of examples that show the different This appendix includes a set of examples that show the different
features and message types that have been defined in this document. features and message types that have been defined in this document.
 End of changes. 10 change blocks. 
11 lines changed or deleted 26 lines changed or added
